Privacy Policy

Last updated: 1 March 2026

1. Introduction

StoryIQ Ltd ("Company", "we", "us", or "our"), a company registered in England and Wales, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Threat Detective website and services (collectively, the "Services").

Please read this Privacy Policy carefully. By using the Services, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

  • Account Information: Name, email address, company name, and other registration details when you create an account
  • Waitlist Information: Name and email address when you join our waitlist
  • Communication Data: Information you provide when you contact us for support or enquiries
  • Payment Information: Billing details (processed securely through third-party payment processors)
  • User Content: SBOMs, vulnerability data, and other content you upload to use the Services

2.2 Automatically Collected Information

When you access our Services, we automatically collect certain information, including:

  • Log Data: IP address, browser type, operating system, pages visited, time and date of visits
  • Device Information: Device type, unique device identifiers
  • Usage Data: How you interact with the Services, features used, actions taken

2.3 Web Analytics and Cookies

We use PostHog, a privacy-friendly analytics platform, to help us understand how visitors use our website and Services. PostHog analytics is only activated with your explicit consent via our cookie banner.

When you consent to analytics cookies, we collect:

  • Page Views: Which pages you visit and when
  • User Interactions: Buttons clicked, features used, and navigation patterns
  • Session Information: Session duration, referral sources, and user journey through the site
  • Technical Data: Browser version, screen resolution, and device type

PostHog data is processed in the EU and is subject to strict data protection standards. We do not use this data for advertising purposes, nor do we share it with third-party advertisers. The data helps us improve user experience, fix bugs, and prioritise feature development.

You can withdraw your consent at any time by clearing your browser cookies or by contacting us at privacy@threatdetective.com. The analytics cookies we use include:

  • td_posthog_consent: Stores your cookie consent preference (expires after 1 year)
  • ph_*_posthog: PostHog session and user identification cookies (expire after 1 year)

Note: We do not use cookies for advertising or cross-site tracking. Analytics cookies are only set with your explicit consent.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Process your account registration and manage your account
  • Communicate with you about the Services, including updates, notifications, and support
  • Send you newsletters and marketing communications (where you have opted in)
  • Process payments and billing
  • Respond to your enquiries and provide customer support
  • Monitor and analyse usage patterns to improve the Services
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Services you have requested
  • Legitimate Interests: To improve our Services, ensure security, and conduct business operations
  • Consent: For marketing communications and newsletters (which you can withdraw at any time)
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Customer support platforms
  • Web analytics providers (PostHog - only with your consent, EU-hosted)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as:

  • Court orders or legal processes
  • Requests from law enforcement or regulatory authorities
  • Protection of our legal rights and interests
  • Prevention of fraud or security threats

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Retention

We retain your personal information for as long as necessary to provide the Services and fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you close your account, we will delete or anonymise your personal information within a reasonable timeframe, except where we need to retain certain information for legal, regulatory, or legitimate business purposes.

Waitlist email addresses are retained until you request removal or unsubscribe from our communications.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or alteration. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and monitoring
  • Access controls and authentication mechanisms
  • Staff training on data protection

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Our Services are hosted in the European Union by default. If we transfer your personal information outside the UK or EU, we will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognising equivalent data protection standards
  • Other legally approved transfer mechanisms

9. Your Rights Under UK GDPR

You have the following rights regarding your personal information:

  • Right of Access: Request a copy of your personal information
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information (subject to legal obligations)
  • Right to Restrict Processing: Request limitation on how we use your information
  • Right to Data Portability: Receive your information in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing where consent was the legal basis

To exercise these rights, please contact us using the details in Section 13. We will respond to your request within one month.

10. Marketing Communications

If you have opted in to receive marketing communications or joined our waitlist, we will send you emails about:

  • Product updates and new features
  • Industry news and resources
  • Special offers and promotions
  • Waitlist updates and early access opportunities

You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us directly.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last updated" date at the top of this page
  • Sending you an email notification (for significant changes)

Your continued use of the Services after changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

StoryIQ Ltd
Company Number: 07273811
2a The Quadrant
Epsom, Surrey
KT17 4RH
United Kingdom

Email: privacy@threatdetective.com

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal information appropriately. Visit ico.org.uk for more information.